Skip to content

Commit d30cc01

Browse files
acornett21acornett21
authored
updating go and dependencies to address cve's (#7064)
* updating ansible operator dependency, updating to go 1.25.7 Signed-off-by: Adam D. Cornett <adc@redhat.com> * updating go-git to address CVE-2026-25934 Signed-off-by: Adam D. Cornett <adc@redhat.com> * updating fulcio to address CVE-2025-66506 Signed-off-by: Adam D. Cornett <adc@redhat.com> * updating sigstore to address CVE-2026-24137 Signed-off-by: Adam D. Cornett <adc@redhat.com> * updating rest of the UBI images to 9.7 Signed-off-by: Adam D. Cornett <adc@redhat.com> --------- Signed-off-by: Adam D. Cornett <adc@redhat.com>
1 parent fe8a366 commit d30cc01

File tree

10 files changed

+184
-181
lines changed

10 files changed

+184
-181
lines changed

go.mod

Lines changed: 56 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/operator-framework/operator-sdk
22

3-
go 1.24.6
3+
go 1.25.7
44

55
require (
66
github.com/blang/semver/v4 v4.0.0
@@ -10,34 +10,34 @@ require (
1010
github.com/iancoleman/strcase v0.3.0
1111
github.com/kr/text v0.2.0
1212
github.com/markbates/inflect v1.0.4
13-
github.com/maxbrunsfeld/counterfeiter/v6 v6.12.0
14-
github.com/onsi/ginkgo/v2 v2.27.2
15-
github.com/onsi/gomega v1.38.2
16-
github.com/operator-framework/ansible-operator-plugins v1.42.0
13+
github.com/maxbrunsfeld/counterfeiter/v6 v6.12.1
14+
github.com/onsi/ginkgo/v2 v2.28.1
15+
github.com/onsi/gomega v1.39.1
16+
github.com/operator-framework/ansible-operator-plugins v1.42.1
1717
github.com/operator-framework/api v0.34.0
1818
github.com/operator-framework/operator-lib v0.19.0
1919
github.com/operator-framework/operator-manifest-tools v0.10.0
2020
github.com/operator-framework/operator-registry v1.59.0
2121
github.com/prometheus/client_golang v1.23.2
2222
github.com/sergi/go-diff v1.4.0
23-
github.com/sirupsen/logrus v1.9.3
23+
github.com/sirupsen/logrus v1.9.4
2424
github.com/spf13/afero v1.15.0
25-
github.com/spf13/cobra v1.10.1
25+
github.com/spf13/cobra v1.10.2
2626
github.com/spf13/pflag v1.0.10
2727
github.com/spf13/viper v1.21.0
2828
github.com/stretchr/testify v1.11.1
2929
github.com/thoas/go-funk v0.9.3
30-
golang.org/x/mod v0.29.0
31-
golang.org/x/text v0.30.0
32-
golang.org/x/tools v0.37.0
30+
golang.org/x/mod v0.32.0
31+
golang.org/x/text v0.34.0
32+
golang.org/x/tools v0.41.0
3333
gomodules.xyz/jsonpatch/v3 v3.0.1
3434
helm.sh/helm/v3 v3.18.6
35-
k8s.io/api v0.33.5
36-
k8s.io/apiextensions-apiserver v0.33.5
37-
k8s.io/apimachinery v0.33.5
38-
k8s.io/cli-runtime v0.33.5
39-
k8s.io/client-go v0.33.5
40-
k8s.io/kubectl v0.33.5
35+
k8s.io/api v0.33.9
36+
k8s.io/apiextensions-apiserver v0.33.9
37+
k8s.io/apimachinery v0.33.9
38+
k8s.io/cli-runtime v0.33.9
39+
k8s.io/client-go v0.33.9
40+
k8s.io/kubectl v0.33.9
4141
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
4242
sigs.k8s.io/controller-runtime v0.21.0
4343
sigs.k8s.io/controller-tools v0.18.0
@@ -64,7 +64,7 @@ require (
6464
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
6565
github.com/beorn7/perks v1.0.1 // indirect
6666
github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
67-
github.com/cenkalti/backoff/v5 v5.0.2 // indirect
67+
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
6868
github.com/cespare/xxhash/v2 v2.3.0 // indirect
6969
github.com/chai2010/gettext-go v1.0.2 // indirect
7070
github.com/containerd/cgroups/v3 v3.0.5 // indirect
@@ -75,7 +75,7 @@ require (
7575
github.com/containerd/errdefs/pkg v0.3.0 // indirect
7676
github.com/containerd/log v0.1.0 // indirect
7777
github.com/containerd/platforms v0.2.1 // indirect
78-
github.com/containerd/stargz-snapshotter/estargz v0.17.0 // indirect
78+
github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
7979
github.com/containerd/ttrpc v1.2.7 // indirect
8080
github.com/containerd/typeurl/v2 v2.2.3 // indirect
8181
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
@@ -90,7 +90,7 @@ require (
9090
github.com/distribution/reference v0.6.0 // indirect
9191
github.com/docker/cli v29.2.0+incompatible // indirect
9292
github.com/docker/distribution v2.8.3+incompatible // indirect
93-
github.com/docker/docker v28.3.3+incompatible // indirect
93+
github.com/docker/docker v28.5.2+incompatible // indirect
9494
github.com/docker/docker-credential-helpers v0.9.3 // indirect
9595
github.com/docker/go-connections v0.6.0 // indirect
9696
github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 // indirect
@@ -107,14 +107,15 @@ require (
107107
github.com/go-errors/errors v1.4.2 // indirect
108108
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
109109
github.com/go-git/go-billy/v5 v5.6.2 // indirect
110-
github.com/go-git/go-git/v5 v5.16.2 // indirect
110+
github.com/go-git/go-git/v5 v5.16.5 // indirect
111111
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
112-
github.com/go-jose/go-jose/v4 v4.1.1 // indirect
112+
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
113113
github.com/go-logr/stdr v1.2.2 // indirect
114114
github.com/go-logr/zapr v1.3.0 // indirect
115115
github.com/go-openapi/jsonpointer v0.21.1 // indirect
116116
github.com/go-openapi/jsonreference v0.21.0 // indirect
117117
github.com/go-openapi/swag v0.23.1 // indirect
118+
github.com/go-sql-driver/mysql v1.9.2 // indirect
118119
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
119120
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
120121
github.com/gobuffalo/envy v1.6.5 // indirect
@@ -123,21 +124,22 @@ require (
123124
github.com/gogo/protobuf v1.3.2 // indirect
124125
github.com/golang-migrate/migrate/v4 v4.19.0 // indirect
125126
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
127+
github.com/golang/mock v1.7.0-rc.1 // indirect
126128
github.com/golang/protobuf v1.5.4 // indirect
127129
github.com/google/btree v1.1.3 // indirect
128130
github.com/google/cel-go v0.26.0 // indirect
129131
github.com/google/gnostic-models v0.6.9 // indirect
130132
github.com/google/go-cmp v0.7.0 // indirect
131-
github.com/google/go-containerregistry v0.20.6 // indirect
132-
github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect
133+
github.com/google/go-containerregistry v0.20.7 // indirect
134+
github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
133135
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
134136
github.com/google/uuid v1.6.0 // indirect
135137
github.com/gorilla/handlers v1.5.2 // indirect
136138
github.com/gorilla/mux v1.8.1 // indirect
137139
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
138140
github.com/gosuri/uitable v0.0.4 // indirect
139141
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
140-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.0 // indirect
142+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.4 // indirect
141143
github.com/h2non/filetype v1.1.3 // indirect
142144
github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c // indirect
143145
github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -152,18 +154,18 @@ require (
152154
github.com/joho/godotenv v1.3.0 // indirect
153155
github.com/josharian/intern v1.0.0 // indirect
154156
github.com/json-iterator/go v1.1.12 // indirect
155-
github.com/klauspost/compress v1.18.0 // indirect
157+
github.com/klauspost/compress v1.18.1 // indirect
156158
github.com/klauspost/pgzip v1.2.6 // indirect
157159
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
158160
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
159-
github.com/letsencrypt/boulder v0.0.0-20250624003606-5ddd5acf990d // indirect
160161
github.com/lib/pq v1.10.9 // indirect
161162
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
162163
github.com/mailru/easyjson v0.9.0 // indirect
163-
github.com/mattn/go-colorable v0.1.13 // indirect
164+
github.com/mattn/go-colorable v0.1.14 // indirect
164165
github.com/mattn/go-isatty v0.0.20 // indirect
165166
github.com/mattn/go-runewidth v0.0.16 // indirect
166167
github.com/mattn/go-sqlite3 v1.14.32 // indirect
168+
github.com/miekg/dns v1.1.61 // indirect
167169
github.com/miekg/pkcs11 v1.1.1 // indirect
168170
github.com/mitchellh/copystructure v1.2.0 // indirect
169171
github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -182,6 +184,7 @@ require (
182184
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
183185
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
184186
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
187+
github.com/nxadm/tail v1.4.11 // indirect
185188
github.com/opencontainers/go-digest v1.0.0 // indirect
186189
github.com/opencontainers/image-spec v1.1.1 // indirect
187190
github.com/opencontainers/runtime-spec v1.2.1 // indirect
@@ -194,7 +197,7 @@ require (
194197
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
195198
github.com/proglottis/gpgme v0.1.5 // indirect
196199
github.com/prometheus/client_model v0.6.2 // indirect
197-
github.com/prometheus/common v0.66.1 // indirect
200+
github.com/prometheus/common v0.67.5 // indirect
198201
github.com/prometheus/procfs v0.16.1 // indirect
199202
github.com/redis/go-redis/extra/rediscmd/v9 v9.10.0 // indirect
200203
github.com/redis/go-redis/extra/redisotel/v9 v9.10.0 // indirect
@@ -206,34 +209,35 @@ require (
206209
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
207210
github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect
208211
github.com/shopspring/decimal v1.4.0 // indirect
209-
github.com/sigstore/fulcio v1.7.1 // indirect
210-
github.com/sigstore/protobuf-specs v0.4.3 // indirect
211-
github.com/sigstore/sigstore v1.9.5 // indirect
212+
github.com/sigstore/fulcio v1.8.5 // indirect
213+
github.com/sigstore/protobuf-specs v0.5.0 // indirect
214+
github.com/sigstore/sigstore v1.10.4 // indirect
212215
github.com/smallstep/pkcs7 v0.2.1 // indirect
213216
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
214217
github.com/spf13/cast v1.10.0 // indirect
215218
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
216219
github.com/stoewer/go-strcase v1.3.1 // indirect
217220
github.com/subosito/gotenv v1.6.0 // indirect
218-
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
219221
github.com/ulikunitz/xz v0.5.15 // indirect
220-
github.com/vbatts/tar-split v0.12.1 // indirect
222+
github.com/vbatts/tar-split v0.12.2 // indirect
221223
github.com/vbauerster/mpb/v8 v8.10.2 // indirect
222224
github.com/x448/float16 v0.8.4 // indirect
223225
github.com/xlab/treeprint v1.2.0 // indirect
224226
go.etcd.io/bbolt v1.4.3 // indirect
227+
go.etcd.io/etcd/client/pkg/v3 v3.6.0 // indirect
228+
go.etcd.io/etcd/client/v3 v3.6.0 // indirect
225229
go.opencensus.io v0.24.0 // indirect
226230
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
227231
go.opentelemetry.io/contrib/bridges/prometheus v0.61.0 // indirect
228232
go.opentelemetry.io/contrib/exporters/autoexport v0.61.0 // indirect
229-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
233+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
230234
go.opentelemetry.io/otel v1.40.0 // indirect
231235
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.12.2 // indirect
232236
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.12.2 // indirect
233237
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.36.0 // indirect
234238
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.36.0 // indirect
235-
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
236-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 // indirect
239+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
240+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect
237241
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 // indirect
238242
go.opentelemetry.io/otel/exporters/prometheus v0.58.0 // indirect
239243
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.12.2 // indirect
@@ -245,37 +249,37 @@ require (
245249
go.opentelemetry.io/otel/sdk/log v0.12.2 // indirect
246250
go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
247251
go.opentelemetry.io/otel/trace v1.40.0 // indirect
248-
go.opentelemetry.io/proto/otlp v1.7.0 // indirect
252+
go.opentelemetry.io/proto/otlp v1.7.1 // indirect
249253
go.podman.io/common v0.65.0 // indirect
250254
go.podman.io/image/v5 v5.37.0 // indirect
251255
go.podman.io/storage v1.60.0 // indirect
252256
go.uber.org/multierr v1.11.0 // indirect
253-
go.uber.org/zap v1.27.0 // indirect
254-
go.yaml.in/yaml/v2 v2.4.2 // indirect
257+
go.uber.org/zap v1.27.1 // indirect
258+
go.yaml.in/yaml/v2 v2.4.3 // indirect
255259
go.yaml.in/yaml/v3 v3.0.4 // indirect
256-
golang.org/x/crypto v0.43.0 // indirect
260+
golang.org/x/crypto v0.47.0 // indirect
257261
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
258-
golang.org/x/net v0.46.0 // indirect
259-
golang.org/x/oauth2 v0.30.0 // indirect
260-
golang.org/x/sync v0.17.0 // indirect
262+
golang.org/x/net v0.49.0 // indirect
263+
golang.org/x/oauth2 v0.34.0 // indirect
264+
golang.org/x/sync v0.19.0 // indirect
261265
golang.org/x/sys v0.40.0 // indirect
262-
golang.org/x/term v0.36.0 // indirect
263-
golang.org/x/time v0.12.0 // indirect
266+
golang.org/x/term v0.39.0 // indirect
267+
golang.org/x/time v0.14.0 // indirect
264268
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
265269
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
266270
gomodules.xyz/orderedmap v0.1.0 // indirect
267-
google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
268-
google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
269-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
270-
google.golang.org/grpc v1.75.1 // indirect
271-
google.golang.org/protobuf v1.36.9 // indirect
271+
google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 // indirect
272+
google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
273+
google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
274+
google.golang.org/grpc v1.78.0 // indirect
275+
google.golang.org/protobuf v1.36.11 // indirect
272276
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
273277
gopkg.in/inf.v0 v0.9.1 // indirect
274278
gopkg.in/warnings.v0 v0.1.2 // indirect
275279
gopkg.in/yaml.v2 v2.4.0 // indirect
276280
gopkg.in/yaml.v3 v3.0.1 // indirect
277-
k8s.io/apiserver v0.33.5 // indirect
278-
k8s.io/component-base v0.33.5 // indirect
281+
k8s.io/apiserver v0.33.9 // indirect
282+
k8s.io/component-base v0.33.9 // indirect
279283
k8s.io/klog/v2 v2.130.1 // indirect
280284
k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a // indirect
281285
oras.land/oras-go/v2 v2.6.0 // indirect

0 commit comments

Comments
 (0)